RESEARCH
OT Exposure Index
A quarterly analysis of internet-exposed industrial control systems across energy, water, manufacturing, and building automation sectors.
Executive Summary
ShiftSix Security’s OT Exposure Index tracks the state of internet-exposed industrial control systems worldwide. Using passive outside-in reconnaissance across Modbus, DNP3, OPC UA, BACnet, IEC 60870, and EtherNet/IP protocols, we map the external attack surface of critical infrastructure sectors every quarter.
54,000+
Exposed Modbus
Devices Identified
12,000+
Exposed DNP3
Endpoints
8,400+
Exposed BACnet
Devices
3,200+
Exposed OPC UA
Servers
Key Findings
Energy Sector
Renewable energy and BESS installations show the fastest growth in internet-exposed OT assets, with a 34% increase in exposed Modbus and DNP3 endpoints year-over-year.
Water & Wastewater
Municipal water utilities remain disproportionately exposed, with many facilities running legacy PLCs directly reachable from the internet without authentication.
Building Automation
BACnet exposure continues to grow as smart building deployments outpace security controls, with 62% of exposed BAS devices showing default or no authentication.
What’s Inside the Full Report
- Global OT Exposure Trends — Year-over-year analysis
- Sector-by-Sector Breakdown — Energy, Water, Maritime, Buildings
- Protocol Exposure Analysis — Modbus, DNP3, OPC UA, BACnet, IEC 104
- Nation-State Threat Correlation — VOLT TYPHOON, CHERNOVERITE, Cyber Av3ngers
- Geographic Distribution — Exposure by country and region
- Compliance Gap Analysis — Mapping to NERC CIP, IEC 62443, NIST CSF
- Recommendations — Prioritized remediation guidance
Download the Full OT Exposure Index
We respect your privacy. No spam, ever.